WIP synapse

deployer/group_vars/all/vars.yml

@@ -132,6 +132,9 @@ sites:
   - slug: synapse_test # Shorthand name to use as directory/file name
     # The site URL (without www)
     url: test.zinz.dev
+    # Wanna display custom HTML as landing page? Fill this with its path.
+    # To keep the defaults, comment line
+    custom_landing: /vault/www/riot
     # What kind of site is that?
     type: synapse
     # Subnet addresses
@@ -139,9 +142,9 @@ sites:
     subnet_gateway_ip: 172.27.7.1
     subnet_site_ip: 172.27.7.2
     # PostgreSQL
-    psql_database: synapse_test
+    postgres_database: synapse_test
-    psql_username: synapse_test
+    postgres_username: synapse_test
-    psql_password: "{{ vault_synapse_test_psql_password }}"
+    postgres_password: "{{ vault_synapse_test_psql_password }}"
     # SMTP
     contact_email: contact@zinz.dev 
     smtp_host: mail.gandi.net

deployer/roles/build/tasks/backup.yml

@@ -32,7 +32,7 @@
       become: yes
   when: site_data_path is defined
 
-- name: "Database backups"
+- name: "MySQL Database backups"
   block:
     # You need your root MySQL password stored in /root/.my.cnf to avoid
     # putting the password in the crontab
@@ -60,3 +60,8 @@
           }
       become: yes
   when: site.mysql_database is defined
+
+- name: "PostgreSQL Database backups"
+  block:
+    debug: msg="TODO PUTAIN BOSSE LÀ"
+  when: site.postgres_database is defined

deployer/roles/build/tasks/postgres.yml

@@ -0,0 +1,31 @@
+---
+# Needs variables:
+#   - site: dict describing the site install (cf group_vars/all/vars.yml)
+
+- name: "Create database {{ site.mysql_database }} if inexistent"
+  # mysql_db:
+  #   name: "{{ site.mysql_database }}"
+  #   state: present
+  #   # Credentials to log in MySQL
+  #   login_host: localhost
+  #   login_user: root
+  #   login_password: "{{ mysql_root_password }}"
+
+
+# MySQL equivalent:
+# TODO: PostgreSQL?
+# create user <user>@<ip> identified by <pass>;
+# grant all on <db>.* to <user>@<ip>;
+- name: "Add database user {{ site.mysql_username }}@{{ site.subnet_site_ip }} and grant all privileges on {{ site.mysql_database }}"
+  # mysql_user:
+  #   # Credentials to log in MySQL
+  #   login_host: localhost
+  #   login_user: root
+  #   login_password: "{{ mysql_root_password }}"
+  #   # Credentials of the new db user
+  #   host: "{{ site.subnet_site_ip }}"
+  #   name: "{{ site.mysql_username }}"
+  #   password: "{{ site.mysql_password }}"
+  #   # Grants
+  #   priv: "{{ site.mysql_database }}.*:all"
+  #   state: present

deployer/roles/build/tasks/synapse.yml

@@ -10,3 +10,19 @@
 - name: "Render templates"
   import_tasks: render.yml
   tags: render
+
+############################
+# PostgreSQL configuration #
+############################
+
+- name: "Setup PostgreSQL"
+  import_tasks: postgres.yml
+  tags: postgres
+
+#################
+# Setup backups #
+#################
+
+- name: "Setup backups"
+  import_tasks: backup.yml
+  tags: backup

deployer/roles/build/templates/synapse/docker-compose.yml.j2

@@ -8,29 +8,30 @@ services:
   site:
     # build: site
     image: matrixdotorg/synapse:{{ gitea.version }}
-    restart: always
+    restart: unless-stopped
     environment:
-      APP_NAME: "Gitea: git with a cup of coffee"
+      - SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
-      DOMAIN: "{{ site.url }}"
+    #   APP_NAME: "Gitea: git with a cup of coffee"
-      SSH_DOMAIN: "{{ site.url }}"
+    #   DOMAIN: "{{ site.url }}"
-      ROOL_URL: "https://{{ site.url }}/"
+    #   SSH_DOMAIN: "{{ site.url }}"
-      USER_UID: "{{ site.user_uid }}"
+    #   ROOL_URL: "https://{{ site.url }}/"
-      USER_GID: "{{ site.user_gid }}"
+    #   USER_UID: "{{ site.user_uid }}"
-      DB_TYPE: mysql
+    #   USER_GID: "{{ site.user_gid }}"
-      DB_HOST: "{{ site.subnet_gateway_ip }}"
+    #   DB_TYPE: mysql
-      DB_USER: "{{ site.mysql_username }}"
+    #   DB_HOST: "{{ site.subnet_gateway_ip }}"
-      DB_PASSWD: "{{ site.mysql_password }}"
+    #   DB_USER: "{{ site.mysql_username }}"
-      DB_NAME: "{{ site.mysql_database }}"
+    #   DB_PASSWD: "{{ site.mysql_password }}"
+    #   DB_NAME: "{{ site.mysql_database }}"
     volumes: 
       - "{{ site_data_path }}:/data"
-      - "/home/git/.ssh:/data/git/.ssh"
+    #   - "/home/git/.ssh:/data/git/.ssh"
-      - "/etc/timezone:/etc/timezone:ro"
+    #   - "/etc/timezone:/etc/timezone:ro"
-      - "/etc/localtime:/etc/localtime:ro"
+    #   - "/etc/localtime:/etc/localtime:ro"
     networks:
       net:
         ipv4_address: "{{ site.subnet_site_ip }}"
     ports:
-      - "127.0.0.1:2222:22" # SSH Passthrough
+      # - "127.0.0.1:2222:22" # SSH Passthrough
 
 networks:
   net:

deployer/roles/build/templates/synapse/homeserver.yaml.j2

@@ -630,9 +630,9 @@ acme:
 database:
  name: psycopg2
  args:
-   user: "{{ site.psql_username }}"
+   user: "{{ site.postgres_username }}"
-   password: "{{ site.psql_password }}"
+   password: "{{ site.postgres_password }}"
-   database: "{{ site.psql_database }}"
+   database: "{{ site.postgres_database }}"
    host: "{{ site.subnet_gateway_ip }}"
    cp_min: 5
    cp_max: 10

deployer/roles/build/templates/synapse/nginx.host.j2

@@ -10,35 +10,18 @@ server {
   include snippets/letsencrypt.conf;
 
   location / {
-{# Does this work as intended when redirect_to_ww is undefined? #}
-{% if site.redirect_to_www %}
-    return 301 https://www.{{ site.url }}$request_uri;
-{% else %}
     return 301 https://{{ site.url }}$request_uri;
-{% endif %}
   }
 }
 
 server {
   listen 443 ssl;
   listen [::]:443 ssl;
-  server_name {{ site.url }} www.{{ site.url }};
+  server_name {{ site.url }};
 
   access_log  /var/log/nginx/{{ site.slug }}-access.log;
   error_log   /var/log/nginx/{{ site.slug }}-error.log;
 
-{% if site.redirect_to_www %}
-  # Redirect non-www to www
-  if ($host = {{ site.url }}) {
-    rewrite ^ https://www.{{ site.url }}$request_uri permanent;
-  }
-{% else %}
-  # Redirect www to non-www
-  if ($host = www.{{ site.url }}) {
-    rewrite ^ https://{{ site.url }}$request_uri permanent;
-  }
-{% endif %}
-
   # Let's Encrypt
   include snippets/letsencrypt.conf;
 
@@ -46,10 +29,16 @@ server {
   ssl_certificate /etc/letsencrypt/live/{{ site.url }}/fullchain.pem;
   ssl_certificate_key /etc/letsencrypt/live/{{ site.url }}/privkey.pem;
 
-  include snippets/header-params_server.conf;
+{% if site.custom_landing %}
   location / {
+    root {{ site.custom_landing }};
+  }
+{% endif %}
+
+  include snippets/header-params_server.conf;
+  location /_matrix {
     include snippets/header-params_location.conf;
 
-    proxy_pass http://{{ site.subnet_site_ip }}:3000;
+    proxy_pass http://{{ site.subnet_site_ip }}:8008;
   }
 }